sirona-aem - Add Domain-Mapping app.dentsplysironadata.com

diff --git a/customer/sirona-aem/production.yaml b/customer/sirona-aem/production.yaml
index fd34b55af242201aee6d0f8b2fbe0c539cf7b741..230e5ad96d90862ff89eea546a1444efc3e72c8f 100644 (file)
--- a/customer/sirona-aem/production.yaml
+++ b/customer/sirona-aem/production.yaml
@@ -230,6 +230,9 @@ aem::domain_mappings:
   www1.dentsplysirona.com:
     aem_path: '/content/flagship-site'
     create_sling_mapping: true
+  app.dentsplysironadata.com:
+    aem_path: '/content/ids-app'
+    create_sling_mapping: true
   assets.dentsplysirona.com:
     aem_path: '/content/dam'
     create_sling_mapping: true
@@ -1516,6 +1519,66 @@ site::profile::aem::publish::pp_vhosts:
       - comment: 'lanugage Rewrite use Env Vars'
         rewrite_rule:
           - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://%%{ich-trickse}{HTTP_HOST}/%%{ich-trickse}{ENV:language}.html [R=301,L]'
+# Sirona app.dentsplysironadata.com
+  app-dentsplysirona:
+    serveraliases:
+      - app.dentsplysironadata.com
+    docroot: '/var/www/html/cache/content/ids-app'
+    ssl_cert: '/etc/pki/tls/certs/wildcard.dentsplysirona.com-cert.pem'
+    ssl_key: '/etc/pki/tls/private/wildcard.dentsplysirona.com-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/wildcard.dentsplysirona.com-cert.pem'
+    docroot_owner: apache
+    setenvif:
+      - 'Origin "http(s)?://(www\.)?(sirona-cerec-test.azurewebsites.net|sirona-cerec-stage.azurewebsites.net|cerec.com|sirona-cerec-de.local:3000)$" AccessControlAllowOrigin=$0$1'
+    setenvifnocase:
+      - 'Accept-Language ^.*$ language=en'
+      - 'Accept-Language ^de language=de'
+    headers:
+      - 'add Access-Control-Allow-Origin %%{ich-trickse}{AccessControlAllowOrigin}e env=AccessControlAllowOrigin'
+    aliases:
+      - { alias: /error_custom/ , path: /var/www/html/error_custom/ }
+    error_documents:
+#      - { error_code: 404 , document: "/en/error-pages/404.html" }
+#      - { error_code: 500 , document: "/en/error-pages/500.html" }
+      - { error_code: 502 , document: "/error_custom/error.shtml" }
+      - { error_code: 503 , document: "/error_custom/error.shtml" }
+    directories:
+      # docroot:
+      - provider: directory
+        path: '/var/www/html/cache/content/ids-app'
+        sethandler: dispatcher-handler
+        options:
+          - FollowSymLinks
+      # error_documents
+      - provider: directory
+        path: /var/www/html/error_custom/
+        options:
+          - +Includes
+#      - provider: locationmatch
+#        path: '^/de-de/'
+#        error_documents:
+#          - { error_code: 404 , document: "/de-de/error-pages/404.html" }
+#          - { error_code: 500 , document: "/de-de/error-pages/500.html" }
+      # htaccess
+      - provider: location
+        path: '/'
+        auth_type: Digest
+        auth_name: preview
+        auth_digest_provider: file
+        auth_digest_algorithm: MD5
+        auth_user_file: '/etc/httpd/htdigest'
+        auth_require: 'valid-user'
+        require:
+          - local
+    rewrites:
+      - comment: 'http to https'
+        rewrite_cond:
+          - '%%{ich-trickse}{HTTPS} !=on'
+        rewrite_rule:
+          - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'
+      - comment: 'lanugage Rewrite use Env Vars'
+        rewrite_rule:
+          - '^/$ %%{ich-trickse}{REQUEST_SCHEME}://%%{ich-trickse}{HTTP_HOST}/%%{ich-trickse}{ENV:language}.html [R=301,L]'
   assets:
     servername: assets.dentsplysirona.com
     docroot: '/var/www/html/cache/content/dam'
@@ -3315,6 +3378,85 @@ aem::dispatcher::publish_farm:
       - 'Expires'
       - 'Content-Type'
       - 'Access-Control-Allow-Origin'
+  app-dentsplysirona:
+    virtualhosts:
+      - 'app.dentsplysironadata.com'
+    clientheaders:
+      - '*'
+    renders:
+      - { hostname: "127.0.0.1", port: '4503' }
+    filter:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', url: '/' }
+      - { type: 'allow', url: '*.html' }
+      - { type: 'allow', url: '*.css'   }  # enable css
+      - { type: 'allow', url: '*.gif'   }  # enable gifs
+      - { type: 'allow', url: '*.ico'   }  # enable icos
+      - { type: 'allow', url: '*.js'    }  # enable javascript
+      - { type: 'allow', url: '*.png'   }  # enable png
+      - { type: 'allow', url: '*.swf'   }  # enable flash
+      - { type: 'allow', url: '*.jpg'   }  # enable jpg
+      - { type: 'allow', url: '*.jpeg'  }  # enable jpeg
+      - { type: 'allow', url: '*.svg'  }  # enable svg
+      - { type: 'allow', url: '*.ttf'  }  # enable ttf
+      - { type: 'allow', url: '*.woff'  }  # enable woff
+      - { type: 'allow', url: '*.woff2'  }  # enable woff2
+      - { type: 'allow', url: '*.eot'  }  # enable eot
+      - { type: 'allow', url: '*.pdf'  }  # enable pdf
+      - { type: 'allow', url: '*.wmv'  }  # enable wmv
+      - { type: 'allow', url: '*.psd'  }  # enable psd (Adobe Photoshop Dokument)
+      - { type: 'allow', url: '*.tif'  }  # enable tif
+      - { type: 'allow', url: '*.zip'  }  # enable zip
+      - { type: 'allow', url: '*.exe'  }  # enable exe
+      - { type: 'allow', url: '*.msi'  }  # enable msi
+      - { type: 'allow', url: '*.indd'  }  # enable indd (Adobe Indesign Dokument)
+      # Enable features
+      - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization
+      - { type: 'allow', url: '/content/dam/api.json' } # enable generic asset JSON API
+      - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API
+      - { type: 'allow', method: 'post', url: '*.forms.html' } # enable forms
+      # Security Rules
+      - { type: 'deny', url: '/etc/'  }
+      - { type: 'deny', url: '/libs/'  }
+      - { type: 'allow', url: '/etc/designs/*'  }
+      - { type: 'allow', url: '/etc/clientlibs/*'  }
+      - { type: 'allow', url: '/etc/segmentation.segment.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json'  }
+      - { type: 'allow', url: '/libs/wcm/stats/tracker.js'  }
+      - { type: 'allow', url: '/libs/cq/personalization/*'  }  #  (JS, CSS and JSON)
+      - { type: 'allow', url: '/libs/cq/security/userinfo.json'  }  #  (CQ user information)
+      - { type: 'allow', url: '/libs/granite/security/currentuser.json'  }  #  (data must not be cached)
+      - { type: 'allow', url: '/libs/cq/i18n/*'  }  #  (Internalization)
+      # CSRF
+      - { type: 'allow', url: '/libs/granite/csrf/token.json' } # enable CSRF token
+      # Deny content grabbing
+      - { type: 'deny', url: '*.infinity.json' }
+      - { type: 'deny', url: '*.tidy.json'     }
+      - { type: 'deny', url: '*.sysview.xml'   }
+      - { type: 'deny', url: '*.docview.json'  }
+      - { type: 'deny', url: '*.docview.xml'   }
+      - { type: 'deny', url: '*.*[0-9].json'   }
+      # Deny query
+      - { type: 'deny', url: '*.query.json' }
+    cache_docroot: '/var/www/html/cache/content/ids-app'
+    cache_rules:
+      - { type: 'allow', glob: '*' }
+    cache_invalidate:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '*.html' }
+      - { type: 'allow', glob: '/etc/segmentation.segment.js' }
+      - { type: 'allow', glob: '*/analytics.sitecatalyst.js' }
+    cache_allowed_clients:
+      - { type: 'deny', glob: '*' }
+      - { type: 'allow', glob: '127.0.0.1' }
+    cache_headers:
+      - 'X-Content-Type-Options'
+      - 'X-Frame-Options'
+      - 'X-XSS-Protection'
+      - 'Last-Modified'
+      - 'Expires'
+      - 'Content-Type'
+      - 'Access-Control-Allow-Origin'
   assets:
     virtualhosts:
       - 'assets.dentsplysirona.com'